SECURITY Of the five basic elements of an Information System, DATA is our main concern in relation to security practices.


2 SECURITY

3 Of the five basic elements of an Information System, DATA is our main concern in relation to security practices.

4 Monitoring and controlling the flow of information deals particularly with the storage, retrieval and communication phases of information processing. The procedures and equipment used in these phases are what come under scrutiny when looking at enhancing the security of your system.

5 Why protect and guard data? Data is processed into information and information keeps all parts of an organisation informed and running smoothly. Information is an asset. It can be bought, sold, stolen, eradicated and modified. It has value.

6 How is value put on information? REPLACEMENT COST: How much would it cost to replace the information? What repercussions will the loss have on the business?

7 SENSITIVE NATURE: Exposure of client details could cause a loss of goodwill for the company and harm those involved. Such information is deemed "sensitive".

8 CONTEXT: It is difficult to put value on information since the value can change when a new policy is constructed. The same data can have a higher value to one user than to another.

9 LEGAL: Some data must remain unchanged for a given number of years, due to legal requirements. Receipts, invoices, bills and tax data must be kept for 5 years.

10 Data Collection Methods. DATA WAREHOUSING: a term that now applies to large organisations that accumulate databases and accounting details of clients. Storage must contain accurate and complete data in order for data mining to take place.

11 DATA MINING: a term that refers to the analysis of data within a warehouse (a hard disk or a server). Specialists will examine the data for trends in purchasing or trading among certain businesses.

12 DATA CREEP: This refers to the process of data being gathered and then used for other purposes.

13 The information produced from the data is of use to managers for operational decisions, tactical decisions and strategic decisions. Thus all organisations must decide what data is valuable and why.

14 Limiting access to data. Access Control Methods: doors with locks; restricted access to the room that houses the server; access to the server is password protected.

15 Backup tapes and disks (CDR, CDRW, ZIP) are locked away. Original software CDs or disks are locked away. Shredder.

16 Authentication and Identification Methods. IDENTIFICATION – the method of saying to the organisation that you are a member of that organisation, e.g. by username. AUTHENTICATION – the manner in which an individual establishes the validity of their identity.

17 There are 3 methods of authentication. Something you know, e.g. a combination to a lock, PIN. Something you possess, e.g. a swipe card, smart card. Something you are, e.g. fingerprint, voice pattern.

18 Password procedures. Length: password choices must be at least 6 keystrokes and alphanumeric. Selection: password cracking dictionaries will analyse passwords as they are passed to the server. Ageing: users need to change their passwords at regular intervals. Example of a decent password: aL1Cb#2R2aD
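The three password procedures on this slide, written as one check. This is an added example, not part of the original presentation; the word list is constructed, the 90-day limit is an assumption (the slide only says "regular intervals"), and "alphanumeric" is read as "contains at least one letter and one digit".

```python
from datetime import date

# Constructed sample word list; a real check would load a large cracking dictionary.
COMMON_WORDS = {"password", "letmein", "qwerty", "welcome", "admin"}
MIN_LENGTH = 6       # from the slide: at least 6 keystrokes
MAX_AGE_DAYS = 90    # assumption: the slide does not give an interval


def check_password(password, last_changed, today, words=COMMON_WORDS):
    """Return the list of procedures the password violates (empty list = passes)."""
    problems = []

    # Length: at least 6 keystrokes.
    if len(password) < MIN_LENGTH:
        problems.append("length")

    # Alphanumeric: assumed to mean a mix of letters and digits.
    has_letter = any(c.isalpha() for c in password)
    has_digit = any(c.isdigit() for c in password)
    if not (has_letter and has_digit):
        problems.append("alphanumeric")

    # Selection: reject dictionary words even when digits or symbols are
    # tacked on ("Password1" reduces to "password").
    letters_only = "".join(c for c in password.lower() if c.isalpha())
    if letters_only in words:
        problems.append("dictionary")

    # Ageing: the password must have been changed recently enough.
    if (today - last_changed).days > MAX_AGE_DAYS:
        problems.append("ageing")

    return problems
```
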

19 Equipment employed to limit access. Biometrics – fingerprinting, iris scanning, voice recognition, face recognition and palm prints are the main biometrics. Biometrics is strong because the identification method is part of the individual, i.e. it can't be stolen easily.

20 Limitations of Biometrics. Iris Scanning – terrifies people when they learn a 'laser' beam is used to scan the iris. People with physical disorders, e.g. Parkinson's Disease, can't hold their head still for long enough to take the scan. Voice Recognition – a common cold could change the voice quality. Fingerprints – can be duplicated, although it's hard to do.

21 Procedures to enhance security of data Network Level security procedures: Network software can hide or restrict access to groups of users or individual users. It can allow users viewing rights to files and directories, editing rights to given files and delete rights.

22 Storage security procedures. Storage includes the use of company-accepted file names and areas of storage.

23 Backup Methods as Security. What files are backed up? (How important are they? Critical, important, routine?) How often are they backed up? Every 20 minutes at places like casinos, or once a day? What method? On what medium?

24 Backup Hardware A UPS is an Uninterruptible Power Supply, which is a deep discharge battery that can keep the power on for a given period of time. Other backup hardware: Magnetic tape cartridges, CD-R, CD-RW, zip disk, etc.

25 Communication procedures. Companies communicate their information in-house by printer, monitor, e-mail, and fax phone. It's very easy for information to get lost, damaged or stolen by careless procedures. Users must be educated never to leave workstations unattended or leave important information on the monitor, in printer trays or fax trays.

26 Encryption. There are 2 types. Single Key Encryption: documents can be sent safely over a network, etc. when they're encrypted first. Simple one-way encryption is by the use of password protection. The same password is used to read the document upon receipt.

27 Public Key Encryption – this method requires a public key and a private key. The public key is given to those who wish to send files, and a private key is used to decrypt the sent files. The private key is controlled by one person and is not transmitted in any form.

28 Steganography. This is another method used to secure the contents of documents. Using specialised software, text files are hidden inside larger, inconspicuous files such as jpg and wav files. The data bits in the text file replace the least significant data bits in the larger file. The larger file will be altered but the differences will be negligible to the human eye.
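The least-significant-bit replacement described on this slide, as an added example that is not part of the original presentation. It works on a constructed array of raw sample bytes standing in for uncompressed pixel or audio data; the 4-byte length header and all function names are assumptions of this sketch.

```python
import hashlib

# Constructed cover data: 512 raw sample bytes (stand-in for pixel/audio values).
COVER = bytes((i * 37 + 11) % 256 for i in range(512))


def embed(cover: bytes, message: bytes) -> bytes:
    """Replace the lowest bit of each cover byte with one bit of the payload."""
    payload = len(message).to_bytes(4, "big") + message  # length header (assumed format)
    bits = [(byte >> (7 - i)) & 1 for byte in payload for i in range(8)]
    if len(bits) > len(cover):
        raise ValueError("cover too small: one cover byte is needed per hidden bit")
    out = bytearray(cover)
    for pos, bit in enumerate(bits):
        out[pos] = (out[pos] & 0xFE) | bit  # keep the top 7 bits, overwrite the LSB
    return bytes(out)


def _read_bytes(data: bytes, start: int, count: int) -> bytes:
    """Rebuild `count` bytes from the LSBs of data[start : start + 8 * count]."""
    out = bytearray()
    for b in range(count):
        value = 0
        for i in range(8):
            value = (value << 1) | (data[start + 8 * b + i] & 1)
        out.append(value)
    return bytes(out)


def extract(stego: bytes) -> bytes:
    """Recover the hidden message; reject data whose header does not fit."""
    if len(stego) < 32:
        raise ValueError("too short to hold a length header")
    length = int.from_bytes(_read_bytes(stego, 0, 4), "big")
    if 32 + 8 * length > len(stego):
        raise ValueError("no valid payload found")
    return _read_bytes(stego, 32, length)


def max_sample_change(cover: bytes, stego: bytes) -> int:
    """Largest per-byte difference: never more than 1, hence invisible to the eye."""
    return max(abs(a - b) for a, b in zip(cover, stego))


def integrity_changed(cover: bytes, stego: bytes) -> bool:
    """A hash of a known original still exposes the alteration."""
    return hashlib.sha256(cover).digest() != hashlib.sha256(stego).digest()
```

Each sample moves by at most one step, which is why the altered file looks unchanged, but a cryptographic hash compared against a known-good original still shows that it was modified.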

